Learn how Kawaa protects your data.
Infrastructure Security
- Encryption in transit - All API calls use TLS 1.3
- Encryption at rest - Data encrypted with AES-256
- SOC 2 compliant - Annual security audits
- AWS hosting - Enterprise-grade infrastructure
Access Control
- Role-based access control (RBAC)
- Two-factor authentication (2FA)
- Hardware security key support (FIDO2)
- API key scoping and permissions
- Audit logs for all actions
Data Handling
- Email addresses are hashed for storage
- Results cached for 24 hours only
- No email content is ever stored
- Regular data purging
Security Reporting
Found a vulnerability? Report it to security@kawaa.com. We respond within 4 hours.